Slashdot Mirror

← Back to Stories (view on slashdot.org)

Free Web Hosting a Fount of Malware

Posted by Hemos on from the bad-times dept.

daria42 writes "It looks as if free Web space services are increasingly being used to host spyware, with Internet security firm Websense claiming more of such dodgy material was found on free hosting services during the first two weeks of July than in May and June combined. "These fraudulent, free personal Web sites have an average lifespan of two to four days, making them difficult to trace," said an executive from the company."

10 of 203 comments (clear)

  1. What are you gonna do? by gbulmash · · Score: 4, Informative
    Free sites are used as gateways to all sorts of dodgy propositions... malware, porn spam, etc. It's because they're so easy to get with fake identity info. Maybe they record your IP address, but you can start building your site at some free hosts without even having your e-mail address confirmed, and it's possible to disguise your IP address.

    I'd say that the gov't should make these companies provide more authentication, but all it would do is prove a barrier against legitimate users while the criminals would just find a way around.

    Outlawing free/homesteading sites would be likely be found unconstitutional in the U.S. and it would be a big fight to remove the safe harbor provisions for such sites to make them responsible for their users' malicious activities. I really don't know what we could do at a legislative level. At a personal level, I just refuse to visit any sites at angelfire, geocities, et al.

    - Greg

    --
    Start a happiness pandemic
    1. Re:What are you gonna do? by kz45 · · Score: 2, Informative

      That means you're saying people only have a valuable opinion or can provide useful information if they're willing to pay you to listen to them. What a dangerous attitude.

      Besides that, there are thousands of free web hosts just because you know the names of 10 or so of the largest doesn't mean you aren't visiting others.

      honestly, it's not even worth it. The providers of most of these "free web hosting" accounts load each "free" site with popups and advertisements. That alone will make me stay away from those sites.

    2. Re:What are you gonna do? by Vlad_Drak · · Score: 2, Informative

      Other commercial hosts are in no way less susceptible to identity issues than most free sites. Also, consider that commercial web hosts offer more of an attack footprint as they'll allow any random script to be uploaded (or host phpBB, etc). I worked for years and years in a senior technical role at one of the top three web hosts, and it's a very difficult job to ensure security across thousands of Linux and Windows boxes with all the mess that's out there. People that run their own dedicated servers are ever worse, as they're probably not monitoring their abuse@ mailbox at all. That mail will go upstream to the hoster's abuse box, which is already overloaded and understaffed. Someone's got to call the customer and get authorization to look at (usually for a fee). At least the free hosters probably have to just update a DB record to shut it off.

      You cannot hold the hoster (free or not) responsible for the users, for many reasons. Hosters already have tight margins, and you'd be asking them to remove features and add expensive head count. I'd love to see Capitol Hill trying to draft a bill that doesn't obliterate the hosters without subsidies of some kind. That is, if they could understand the problem. I can see it now:
       
      "Script interpreters must be compiled so as to not allow outbound socket connections without a valided National ID record"
       

  2. Re:How to trust ANY new web service? by Anonymous Coward · · Score: 1, Informative

    Fixed link:
    http://mp.blogs.com/mp/2005/07/s_11.html

  3. CAPTCHAs (was Re:Convoluted to sign up?) by gbulmash · · Score: 5, Informative
    They make you type in a word that has been obscured as an image to stop them from being set up automatically

    Does anyone know how effective these schemes really are? Is there a study that measures how effective this is?

    The type-in is called a CAPTCHA (an acronym for "completely automated public Turing test to tell computers and humans apart"). They can be fairly effective, but all they do is block robots from setting up an account. If I need 10 accounts, I don't necessarily need to automate it. CAPTCHAs are more often used effectively to block bulk botting stuff like blog spam, signups for free mail accounts, or other services (like whois at Netsol.com or Godaddy.com) prone to abuse and they can work well if well designed. But, again, they're to prevent robots from doing something, not humans.

    Now, as CAPTCHA's get more obscured to try to defeat more sophisticated OCR elements, they become more difficult for humans to read. I recently developed one that I may use on some of my sites that uses identifying the contents of pictures. Demo here. Some of the people I've had test it said it was fun and they actually played it like a game.

    - Greg

    --
    Start a happiness pandemic
  4. Re:Fount? by tidewaterblues · · Score: 5, Informative

    Actually, fount is the British and the old poetic spelling of font. When this spelling is used, it generally means a fountain, spring, or source. Using the modern spelling, a font refers to a basin for baptizing people or holding holy water, (sometimes also called a laver), although it can refer to the old useage as well. However, I don't think the word can be used to mean "plethora".

    --


    ...En að Besta Sem Guð Hefur Skapað Er Nýr Dagur
  5. Re:Convoluted to sign up? by redheaded_stepchild · · Score: 2, Informative

    Well, according to this, they might even be TOO effective...
    That may not be the exact answer you were looking for, though.

    --
    Don't use the Troll mod just because you disagree with me.
  6. Re:Fount? by Compholio · · Score: 3, Informative

    However, I don't think the word can be used to mean "plethora".

    I've actually heard it a whole lot, but my parents were always big on vocabulary. At least in US English there's no "u" in font though:
    http://dictionary.reference.com/search?q=font

    Specifically:
    An abundant source; a fount: She was a font of wisdom and good sense.

    (you have to look at fount to see that the "u" is deprecated)

  7. Re:Who would have guessed??? by British · · Score: 2, Informative

    Don't numerous ISPs throw some free web page space, quite often WITHOUT pop-up ads or such ad-related garbage?

    I mean with Comcast and its millions of customers, you get some web page space to hotlink images, etc. Sure, you can't do certain questionable web pages(hacking, porn, etc), but still it is included with the cost of your monthly bill.

    Heck, even AOL has web page space.

    Again, if there's malware being sent out on free web page sites, perhaps its time for them to go.

  8. Re:Only last so long by Anonymous Coward · · Score: 1, Informative

    They already do, here is an article from nearly two years ago:

    http://www.wired.com/news/business/0,1367,60747,00 .html